A substantial part of running a business involves being aware of the most significant threats and actively working to mitigate them. Here are five of the top ones you should know about, and how you should aim to avoid them.
1. Phishing
A phishing attack occurs when a cybercriminal sends an email impersonating an individual or a company in an attempt to trick the recipient into providing sensitive details. According to a PhishLabs report, the volume of phishing attacks grew by 40.9% in 2018.
The report also noted that most of the emails that made it to the inboxes of corporate users did not contain malware. That’s because there’s a growing trend where hackers often alter emails to make them appear as being from people the recipients know. They ask simple requests such as, “hey, could you send me that invoice?” to urge people to take action.
Helping employees recognize the warning signs of phishing is an excellent first step. It’s also a good idea to warn them to avoid acting in haste and to investigate email requests further instead of immediately taking action.
2. Credential Stuffing
Most people at your business probably have to use several passwords during their workdays to log into various accounts. To make things easier on themselves, many employees reuse passwords across numerous sites. They don’t have to remember as much that way, but that kind of recycling means hackers have a potentially broader reach if they determine even a single password.
This issue caused the rise of something called credential stuffing. This is a brute-force attack where cybercriminals use automated tools to try massive quantities of stolen login data across numerous sites until they find password/website combinations that work. If a person uses the same password for five sites, for example, it’s easy to envision how hackers could quickly do tremendous damage.
Research shows that 81% of data breaches occur due to weak, default or stolen passwords. A practical tactic is to use platforms that have multifactor authentication (MFA) turned on. Then, even if cybercriminals get the password, they won’t have the temporary code sent to a smartphone or something similar that completes the login process.
3. A Lack of Preparedness
One of the biggest threats to the security of your business could be that you don’t have an action plan in place if something happens. Research from ITProPortal found that 62% of small and medium-sized companies did not have cybersecurity strategies in place. Not having a plan — for cybersecurity or otherwise — will likely make it more challenging to recover from incidents, and the aftermath may even cause your business to shut down.
It’s crucial to adopt a “not if, but when” mindset about business security. In addition to coming up with a crisis response plan, test the methods to see how they work in real life. Then, it’ll be possible to tweak things if needed before implementing it during an actual event.
4. Ransomware
Ransomware is a type of malware that restricts a user’s access to files or an entire computer unless they pay an amount demanded by a hacker. Even then, paying the ransom is no guarantee of getting restored access. Some ransomware attacks have a global reach and are so extensive that the people affected have to resort to using pens and paper instead of relying on digital records.
Ransomware often wreaks havoc once a person downloads a file containing malware or goes to a site containing a “drive-by download.” In that case, a person unknowingly visits a contaminated website and gets the ransomware.
There is no foolproof method for staying protected from ransomware. However, restricting sites employees can visit is one step to take. Coaching them about how to spot malware is also useful.
5. Physical Insecurity
Although most of the things covered here relate to cybersecurity, you must not overlook physical security measures. Programmable door locks and cameras are two readily available things to invest in. Besides having such an infrastructure in place, you should consider introducing an access control training module for employees.
Remember that the most high-tech physical security solutions won’t work if employees make too many assumptions. For example, if a person dressed in work clothes requests access to a restricted area, an employee should first verify that such a person is scheduled to come that day.
Anticipation Is an Excellent Precaution
This list will help you get ready to face some of the biggest risks to modern businesses. Instead of letting fear drive you, feel empowered by the fact that you now have the knowledge needed to both anticipate and stop threats.